Restoring the luster to bitcoin in the wake of Mt. Gox

The digital currency has a problem with robberies that needs to be sorted if it is to survive. Some proponents are urging steps that are anathema to many in the community: regulation of the currency and a move away from anonymity

By Alex Hern / The Guardian

Illustration: Yusha

The collapse of Mt. Gox will be hard for bitcoin to recover from. If a leaked “crisis strategy” document is accurate, by the end of the site’s life, its total bitcoin holdings were just 2,000 bitcoins, while customer deposits totaled 624,408 bitcoins.

The reason for the discrepancy, according to the document, is vulnerability in the bitcoin protocol, which allowed 744,408 bitcoins — about 6 percent of all the bitcoins presently in circulation — to be stolen from the site’s “cold storage,” a bitcoin wallet unconnected to the main network where coins are (theoretically) safe from hacking attacks.

The issue, known as “transaction malleability,” has been known about since 2011 and most bitcoin software is already protected from it.

The Bitcoin Foundation, the non-profit devoted to development and promotion of the currency, says that “any company dealing with Bitcoin transactions [which has] coded their own wallet software should responsibly prepare for this possibility.”

Early last year, Mt. Gox was the largest bitcoin exchange in the world, with an estimated 70 percent of all transactions going through the site. However, the site always had problems, particularly with withdrawals. Stringent adherence to US money-laundering regulations (though based in Tokyo, it belonged to a US company, Mutum Sigillum LLC) meant it was significantly harder to sell bitcoins on the site (that is, converting them into a “fiat” currency such as dollars) than to buy them (swapping dollars for bitcoins).

This caused the price to veer away from that on other exchanges. In June last year, the site even implemented a “temporary hiatus” on dollar withdrawals, preventing every user from accessing their money. That hiatus officially ended after two weeks, but withdrawing dollars remained slow.

Then, early last month, Mt. Gox also limited bitcoin withdrawals. Users could still use the site to trade bitcoins to other currencies within their own accounts (so if you owned 2 bitcoins you could credit your dollar account on the site with its equivalent), but could not withdraw their purchases to spend outside the site. The price of bitcoin on Mt. Gox became completely disengaged from the wider bitcoin market and plummeted below US$100 on Feb. 21; on other exchanges it was above US$500.

It seems likely that it was early last month when the company discovered that its cold storage was gone. While the value of customer accounts was 624,408 bitcoins, the company actually only possessed the 2,000 bitcoins that were in its “hot wallet” — the bitcoin wallet connected directly to the exchange and used to enable trading (rather like the cash float in a cash register, as opposed to the safe in the back of the shop — which was the “cold storage”).

Even in pure dollar-denominated debts, the crisis strategy document says the company is insolvent, with US$55 million of liabilities, but assets of just US$32 million (US$5 million of which are held by the US Department of Homeland Security after they were seized in August last year).

Mt. Gox seems to hope this will not be the end of the road. The crisis strategy document implies a rebranding to “Gox,” replete with a new logo and a plea to big hitters in the bitcoin world to donate some money to ensure that depositors don’t lose all their holdings.

A peek at the source code of the now-blank site contains a hint of a future acquisition, with an empty space labelled “put announce for mtgox acq here.”